hackerone-graphql-mcp-server
Verified Safe
by Hacker0x01
Overview
Provides a Model Context Protocol (MCP) interface to HackerOne's GraphQL API, allowing AI agents or tools to interact with HackerOne data.
Installation
docker run -i --rm -e ENDPOINT="https://hackerone.com/graphql" -e TOKEN="<your_base64_encoded_token>" -e MUTATION_MODE="none" hackertwo/hackerone-graphql-mcp-server:1.0.6
Environment Variables
- ENDPOINT
- TOKEN
- MUTATION_MODE
- DISABLE_TYPE_DESCRIPTION
- DISABLE_SCHEMA_DESCRIPTION
Security Notes
The server itself is a thin wrapper over Apollo MCP Server, configured to connect to HackerOne's GraphQL API. It relies on environment variables for sensitive data like `TOKEN` (a base64-encoded API key), which is good practice for Dockerized applications. The `scripts/generate_token.sh` script handles API key input securely by suppressing echo. The `MUTATION_MODE` variable controls write operations and defaults to 'none' for safety. Setting `MUTATION_MODE` to 'all' or 'explicit' introduces the risk of performing sensitive operations on HackerOne, which is a user-configurable risk rather than an inherent vulnerability in the server's design. No 'eval', obfuscation, or hardcoded secrets were found.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
metorial-platform
An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.
gh-mcp
A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.